On Mon, Dec 22, 2003 at 10:10:24AM +1300, Russell Fulton wrote:

> I had nessusd on a box but had not used it for some time (nearly a
> year).  When I tried to connect to it from nessus 2.0.7 client (mandrake
> 9.2) I got a pop up message "SSL error".
> 
> I then reinstalled nessus on the server (2.0.9) and regenerated the SSL
> key and tried again with the same result.  I also get the following
> message from the client (written to the shell - stderr??)
> 
> SSL_connect[2311]: error:00000000:lib(0):func(0):reason(0)

nessus-mkcert creates private keys and certs for both the certificate
authority and server.  Further, the same certificate authority must be
used to create both server and client private keys and certificates. 
Thus,

- If you regenerate the server's private key / cert, you will need to
regenerate any client keys.

- You need a copy of the CA's cert on any host from which you'll run the
nessus client and each client's config should point to that copy using
the parameter "trusted_ca".  To find out where the CA's cert is, run
"nessusd -s | grep ca_file" on the server's host. 

If you're still having trouble connecting, try connecting directly to
the server using OpenSSL's s_client command; e.g.,

    openssl s_client -connect remotehost:1241 -tls1 \
        -cert ~/.nessus/cert_auser.pem \
        -key ~/.nessus/key_auser.pem \
        -CAfile /usr/local/com/nessus/CA/cacert.pem

Adjust remotehost and the filenames as necessary and control-C out of
the command if it appears to hang. 


George
-- 
[EMAIL PROTECTED]
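
The point made in the reply above, as an added example that is not part of the original message or of Nessus: plain openssl commands stand in for nessus-mkcert to show that once the CA and server cert are regenerated, an old client cert no longer verifies and a stale CA copy no longer validates the server. All subjects, file names and helper functions here are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every key and cert is a throwaway file in a temp directory.
# make_ca, issue_cert, chains_to and report are hypothetical helper names.

make_ca() {     # $1 = output prefix, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_cert() {  # $1 = CA prefix, $2 = subject common name, $3 = output prefix
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$3.key" -out "$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$3.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 1 -out "$3.pem" 2>/dev/null
}

chains_to() {   # $1 = CA cert, $2 = cert to check; returns 0 if it verifies
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

report() {      # $1 = label, $2 = CA cert, $3 = cert to check
    if chains_to "$2" "$3"; then echo "$1: OK"; else echo "$1: FAILS"; fi
}

d=$(mktemp -d) || exit 1
trap 'rm -rf "$d"' EXIT

# Original install: one CA signs both the server cert and the client cert.
make_ca    "$d/ca_old" "Demo Nessus CA"
issue_cert "$d/ca_old" "nessusd" "$d/server_old"
issue_cert "$d/ca_old" "auser"   "$d/client_old"

# Regeneration on the server: a new CA (same name, new key) and server cert.
make_ca    "$d/ca_new" "Demo Nessus CA"
issue_cert "$d/ca_new" "nessusd" "$d/server_new"
# Client key and cert reissued under the new CA.
issue_cert "$d/ca_new" "auser"   "$d/client_new"

report "old client cert vs old CA"        "$d/ca_old.pem" "$d/client_old.pem"
report "old client cert vs new CA"        "$d/ca_new.pem" "$d/client_old.pem"
report "new server cert vs stale CA copy" "$d/ca_old.pem" "$d/server_new.pem"
report "new client cert vs new CA"        "$d/ca_new.pem" "$d/client_new.pem"
```

The two FAILS lines correspond to the two bullets in the reply: client certs issued before the regeneration, and a client still pointing at an old copy of the CA cert.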
